07-17-2013 5:20 PM
Hello,
I've to change an existing ws proxy to send a username token to meet our increased security needs.
Therefore
- I changed the the proxy configuration in the IDE from none to basic
- I configured a username and password and switched on "User ID / Password" Authentication in logical port's consumer security - authentication settings
But nothing changed in my SOAP header. No security tags appear.
I tried to follow the instructions here
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/f7/993240713be801e10000000a155106/content.htm?frame...
but failed because I've never seen any "Visual Administrator". I'm a developer, our Administrators are on holydays. Please help, it's urgent.
Thanks for any help,
Jan
We are running NW 7.0 EHP1
07-22-2013 6:35 AM
Hi Jan,
please check the documentation for the visual admin tool at help.sap.com.
● On UNIX platforms, enter on the command line /usr/sap/<SAPSID>/<Instance_Name>/j2ee/admin/go.sh
● On Windows platforms, run <Drive>:\usr\sap\<SAPSID>\<Instance_Name>\j2ee\admin\go.bat
However you need os level access to the systems.
Regards,
Patrick
07-23-2013 3:15 PM
Hey Patrick,
my linux path is ending after /usr/sap/<SAPSID>/<Instance_Name>/. There is no j2ee folder at our system. Might it be, we are missing Java at all?
How can I check this? And how can I make sure that it is absolutely needed for the username token? I guess our Basis team will kick me out if I ask them to install AS Java for this feature.
Cheers Jan
07-24-2013 7:15 AM
Hi Jan,
maybe you are simply following the wrong documentation, if you are on ABAP, the steps would be different. Please see the docs for Message based authenticaiton in ABAP on this.
There is also a configuration example available.
Regards,
Patrick
07-29-2013 11:56 AM
Thanks Patrick,
the documentation on EHP 2 is much better than on 1! Hopefully I'm on the right way now. I found out I've to make the system trust each other first. Therfore I've to install the public cert of the remote server. I'll report when I completed this task.
Jan
07-30-2013 7:19 AM
Hi Jan,
you only have to add the publix of the provider (server) to the list of trusted certs unless both systems will call each other. If you want to do X.509 based auth (independant whether it is transport or message based) you have to add the CA cert of the CA creating the user keys to the list of trusted CAs to do authentication (independant whether it is via cert mapping or rule based.
Regards,
Patrick